skip navigation

More signal. Less noise.

Daily briefing.

OpIsrael, which Anonymous mounts this time every spring, is scheduled for tomorrow. It's always essentially fizzled, never rising above a nuisance level, and Israeli enterprises appear prepared for it, some intending to treat it as a training opportunity.

Operation Cloudhopper, the cyberespionage campaign BAE and PWC have associated with APT10, has elicited warnings to businesses from authorities in the UK and Sweden, although the threat is not confined to those countries. Cloudhopper compromises its targets via their cloud and managed services providers. This story continues to develop, as Fidelis reports tracking another, related APT10 campaign, which they're calling Operation TradeSecret. This one is specifically pursuing intelligence on developing US trade policy.

A different incident also enabled through a compromised third-party, affected Scottrade. Some 20,000 loan applications were exposed by an IT service provider in the course of uploading them to the cloud.

Kaspersky and Symantec researchers continue to draw attention to North Korea's Lazarus Group. Kaspersky finds increased sophistication on the bank robbers' part; Symantec sees signs of activity in some thirty countries.

RiskIQ this morning released a report on mobile users' problematic relationship with their apps. The average user regularly interacts with about thirty apps, and tends to do so carelessly (with so many apps in use, unselective downloading, clicking suspect ads, password reuse and other problems seem practically inevitable). RiskIQ recommends shifting defenses from consumers to businesses, which may be better equipped to control and mitigate mobile threats.

US Congressional hearings into surveillance and Russian influence operations continue.

Notes.

Today's issue includes events affecting Australia, Bangladesh, Brazil, China, Costa Rica, Chile, Ethiopia, Gabon, Germany, India, Iran, Iraq, Israel, Japan, Kenya, Democratic Peoples Republic of Korea, Malaysia, Mexico, Nigeria, Norway, Poland, Peru, Russia, Sweden, Thailand, United Kingdom, United States, Uraguay, and Vietnam.

In today's podcast, Rick Howard from our partners at Palo Alto Networks discusses trends in cloud security. We also have a guest, Wendi Whitmore from IBM, whom we interviewed at WiCyS about her career and her thoughts on the conference.

Special editions of the podcast are also up. See Perspectives, Pitches, and Predictions from RSA, and an overview of how artificial intelligence is being applied to security.

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Hear stories of triumph and tribulation, advice and inspiration from some of Maryland’s diverse and dynamic female cybersecurity professionals. Join us in-person for this free event or register to view the live stream online.

2nd Annual Cyber Investing Summit (New York, New York, USA, May 23, 2017) The 2nd Annual Cyber Investing Summit is an all-day conference focusing on investing in the cyber security industry. Attendees will explore the financial opportunities, trends, challenges, and investment strategies available in the high growth cyber security sector.

Borderless Cyber USA (New York, New York, USA, June 21 - 22, 2017) Is your enterprise investing enough to protect against cyber-attack? Are you putting your resources where they have the most impact? How can you be sure? Senior security executives come together at Borderless Cyber to uncover new strategies, make new connections, and leave better prepared to defend their cyber practices--in the computer room and the Board room. The conference will take place at the historic U.S. Customs House in lower Manhattan on 21-22 June. Receive an extra $100 off the corporate rate. Use the discount code Cyberwire when registering. Special government rates and Early Bird savings are also available. We look forward to seeing you this June in NYC!

Cyber Attacks, Threats, and Vulnerabilities

Israel braces for annual cyber attack by Anonymous-led hackers (Jerusalem Post) Friday’s offensive is no serious threat, provides great learning opportunity, tech expert says.

Operation TradeSecret: Cyber Espionage at the Heart of Global Trade (Fidelis Cybersecurity) The Fidelis Threat Research Team issued important findings around an observed attack targeting a prominent U.S. lobbying group, the National Foreign Trade Council (NFTC).

UK and Swedish Watchdogs Warn of International Cyber Attack (US News and World Report) A large-scale cyber attack from a group targeting organizations in Japan, the United States, Sweden and many other European countries through IT services providers has been uncovered, the Swedish computer security watchdog said on Wednesday.

The Hunt For The Dawn Of APTs: A 20 Year-Old Attack That Remains Relevant To A Modern APT (Information Security Buzz) Kaspersky Lab and Kings College London researchers, looking for a link between a modern threat actor and the Moonlight Maze attacks that targeted the Pentagon, NASA and more in the late 1990s, have unearthed samples, logs and artefacts belonging to the ancient APT. The findings show that a backdoor used in 1998 by Moonlight Maze to tunnel information …

The North Korea worry you haven't heard of: Cyber bank robbers (McClatchy DC) The scale of North Korean hacking operations against banks and casinos is “shocking,” a report by cybersecurity giant Kaspersky Lab says. Another firm, Symantec, says a North Korean hacker group is targeting banks in 31 countries.

Matching Wits with a North Korea-Linked Hacking Group (Dark Reading) Skilled 'Bluenoroff' arm of infamous Lazarus hacking team behind Bangladesh Bank heist and Sony attacks actively resists investigators on its trail, Kaspersky Lab says.

Politics of cyber attribution pose risk for private industry (SearchSecurity) Why cyber attribution plays a big part in the federal government's willingness to share cyberthreat intelligence data with private industry.

Risk of cyberattack on US power grid ‘palpable,’ experts tell Congress (Fifth Domain | Cyber) A warning issued during a Senate Energy and Natural Resources Committee hearing on Tuesday said the potential for a major cyberattack against the nation’s power grid is “at an all time high.”

IoT Security Is a Top Federal Tech Concern (SIGNAL Magazine) As the IoT migrates from fantasy to reality, cybersecurity challenges posed by billions of connected devices are a leading concern for federal technologists.

Critical Xen hypervisor flaw endangers virtualized environments (CSO Online) A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory.

Appsession: Is Our Appetite for Mobile Apps Putting Us at Risk? (RiskIQ) Mobile devices have become the undisputed internet platform of choice for consumers, with mobile apps the preferred method of interaction. According to the latest App Annie¹ figures, the number of worldwide app downloads in 2016 increased by 15% to 90 billion and the time spent in mobile apps grew by 25% to 900 billion hours.

Scottrade admits server snafu blabbed 20,000 customer files to world (Register) Not hacking, just an inept IT bod unable to secure a database, apparently

Malware Scanning Services Containers for Sensitive Business Information (Threatpost) At the Kaspersky Lab Security Analyst Summit, one researcher shared how he was able to find corporate emails, confidential business plans and classified FBI flash alerts.

Java Struts2 Vulnerability Used To Install Cerber Crypto Ransomware (SANS Internet Storm Center) Since about a month, we are tracking numerous attempts to exploit the Java Struts2 vulnerability (CVE 2017-5638). Typically, the exploits targeted Unix systems with simple Perl backdoors and bots. But recently, I saw a number of exploit attempts targeting Windows systems using a variant of the Cerber ransomware.

Phishing scammers exploit Wix web hosting (InfoWorld) Criminals flock to free web services to establish their attack infrastructure. The latest example: A group using free website host Wix for its phishing pages

“iCloud Mail” phishing emails doing rounds (Help Net Security) The email bids targets welcome to iCloud Mail, but warns that Apple has been unable to confirm their account info, and that it has been suspended.

When scams know too much… [VIDEO] (Naked Security) Watch our Facebook Live video to learn how to defend against scams where the crooks are threatening you with stolen data they already have.

Mena companies’ cybersecurity is in the mail (The National) Email is the predominant source of malware attacks according to Microsoft, which says the UAE has work to do to tackle the issue. So what are big companies, such as Emirates Group, doing to educate their employees about cybersecurity?

Android devices can be fatally hacked by malicious Wi-Fi networks (Ars Technica) Broadcom chips allow rogue Wi-Fi signals to execute code of attacker's choosing.

Massive DDoS Attack On U.S. College Throws IoT Security Into The Spotlight -- Again (CRN) Web application security company Incapsula reports that the unnamed college's network was affected by a massive attack for '54 hours straight.'

Businesses Hit by More W-2 Fraud as Cybercriminals Shift Tax Season Targets (Dark Reading) Businesses, not individuals, are more frequently targeted with scams as cybercriminals try to cash in on tax season.

Brazilian bank customers targeted after hackers compromise all of the bank's domains (Computing) Let's Encrypt accused of issuing the digital certificates that helped the hackers

How an Unprecedented Heist Hijacked a Bank’s Entire Online Operation (WIRED) Researchers at Kaspersky say a Brazilian bank's entire online footprint was commandeered in a five-hour heist.

Self-Deleting Malware Makes ATMs Spit out Cash (BleepingComputer) Security researchers have uncovered one of the most sophisticated ATM heists to date, involving a group of cyber criminals specialized in hacking bank networks using fileless malware, and ATM malware that spits out cash and then self-deletes.

Security Patches, Mitigations, and Software Updates

Google and Apple Issue Security Updates for Critical Broadcom WiFi Vulnerabilities (BleepingComputer) Owners of Android and iOS devices should pay special attention to security updates released by Google and Apple on Monday, as they contain fixes for a series of critical bugs affecting their phone's WiFi component.

Cyber Trends

An unprecedented amount of records were exposed last year. (Infosecurity Magazine) With over 4 billion records leaked last year, 2016 was a record-breaking year for data security.

One New Cyber-threat Discovered Every Three Seconds in Q4 (Infosecurity Magazine) One New Cyber-threat Discovered Every Three Seconds in Q4. Threat volumes high but slowing

Venafi Survey: 23% of Security Professionals Don’t Know How Their Organization Is Addressing Threats Hiding in Encryption (Venafi) Nearly a quarter of the survey respondents (23%) have no idea how much of their encrypted traffic is decrypted and inspected.

Defining and Addressing the Growing Cyber Insider Threat (Alien Vault) The Cyber Insider Threat is one of the most difficult challenges for companies, organizations, and countries. It is often difficult to discover, defend and remediate because such threats can involve a combination of human behavioral elements and hardware and software technologies. Many of the threat actors are tech-savvy and are becoming increasingly sophisticated in their methods of infiltration.

Poll: Americans more favorable on China except when it comes to cyberattacks (Fifth Domain | Cyber) Concerns about Chinese cyberattacks have risen from 55 percent, from last year’s report of 50 percent.

Biggest risk to a company’s cyber security is worker complacency (Financial Times) Survey finds UK employees are among the worst at protecting data

Marketplace

Is this the new normal? Bay Area startup fundings hit 6-year low in Q1 (Silicon Valley Business Journal) Venture industry leaders say their world continued to "normalize" in the first quarter of this year as the gap between the haves and have-nots of the startup world widened.

Cyber security bosses predict vulnerability among UK firms (Acumin Recruitment, London) National Cyber Security Centre Director Ciaran Martin told attendees of the recent CyberUK conference that businesses need to prepare for increasing threat.

F-Secure buys Little Flocker to upgrade its Mac security play (TechCrunch) Security researcher Jonathan Zdziarski revealed he was joining Apple earlier this month, and now it turns out his Mac security app, Little Flocker, has gone..

KEYW Wraps Up $235M Sotera Purchase (GovCon Wire) KEYW Corp. (Nasdaq: KEYW) has wrapped up its $235 million cash acquisition of Herndon, Virginia-base

McAfee Is Banking on Brand Nostalgia for New Notoriety (Fortune) New glory days in cybersecurity ahead for antivirus pioneer?

Sophos boosted by higher demand for cyber security services (Financial Times) UK group upgrades full-year profit forecasts after companies strengthen defences

CyberArk: Can One Buy The Dip? Or Is This A Roller Coaster? (Seeking Alpha) CyberArk's shares continue to suffer from the disappointing quarterly guidance the company gave at the time of its last conference call. The company has a long

Palo Alto Hits a New 52-Week Low: What's Dragging it Down? (Yahoo! Finance) Shares of Palo Alto Networks Inc. (PANW) touched a new 52-week low of $111.79 on Apr 4, and eventually closed at $109.82.

Leidos reports $395M DHS cyber contract win (Washington Technology) Leidos will help run a Department of Homeland Security center responsible for cyber intrusion detection work under a potential seven-year, $395 million contract.

Online Trust Alliance Merges into Internet Society (Infosecurity Magazine) Online Trust Alliance Merges into Internet Society. Non-profits combine forces

vArmour Appoints Michael Chertoff to its Advisory Board (Yahoo! Finance) vArmour, the leading data center and cloud security company, today announced that Michael Chertoff has joined its Advisory Board. As the former United States Secretary of Homeland Security, and the co-founder ...

Products, Services, and Solutions

Infoblox Advanced DNS Protection Helps Enterprises Mitigate Against Crippling DDoS Attacks (Infoblox) Protects networks against the widest range of external and internal DNS-based attacks

Darktrace Antigena Launched: New Era as Cyber AI Fights Back (Darktrace) Customers harness AI to autonomously fight back against in-progress threats

LockPath and SecurityScorecard Partner to Advance Vendor Risk Management (Yahoo! Finance) LockPath, a leading provider of governance, risk management and compliance solutions, and SecurityScorecard, the leading security rating platform, today announced a new partnership to streamline and strengthen ...

Yet another bank chooses a secure future (PRLog) Together with our partner company Lydsec, Keypasco are pleased to welcome our new customer - Agricultural Bank of Taiwan. The 17th customer to use the Keypasco Solution to provide state-of-the-art authentication to enhance their online security.

Forcepoint Adds Advanced Malware Detection to Next Generation Firewalls (PRNewswire) Global cybersecurity leader Forcepoint™ announced immediate availability...

Intercede and Centrify Partner to Streamline Secure Mobile Access for Highly Regulated Enterprises (Yahoo! Finance) Today, cybersecurity and identity management expert Intercede announces a partnership with Centrify, the leader in securing hybrid enterprises through the power of identity, to secure and manage mobile access in highly regulated industries who must comply with Homeland Security Presidential Directive

ThreatMetrix Spring '17 Release Unveils Major Enhancements to Dynamic Decision Platform: Case Management, Digital Identity Verification and Strong Customer Authentication (MarketWired) New release extends leadership in next generation identity and fraud management and supports PSD2 requirements

There’s an App for Spies Now—But You Can’t Use It (WIRED) Chris Rasmussen is on a mission, which makes sense, since he's a spy. But this mission isn't spooky. It's geeky.

NeuVector and Rancher Labs Partner on Container Security (eSecurity Planet) The companies team up to head off the inevitable rise in security threats targeting application container environments.

Kaspersky Lab Launches New Partner Program for MSPs, VARs (VAR Guy) The program is aimed at IT services providers and resellers who already provide security services or want to add security offerings.

Verizon to offer GSMA-certified security for eSims (Telecompaper) Verizon announced an agreement with the GSMA to provide security accreditation for embedded Sims.

Honeywell launches industrial cyber security solution (Trade Arabia) Honeywell, a global technology leader, has launched a new cyber security solution facilities that protects against USB-borne threats, without the need for complex procedures that impact operations or industrial personnel.

Fortinet Expands the Security Fabric with Enhanced Software-Defined Wide Area Networking Capabilities (Yahoo! Finance) John Maddison, senior vice president of products and solutions at Fortinet“ Increasing adoption of public cloud requires Wide Area Networking infrastructures that can ...

New Metadefender Cloud Outbreak Report Demonstrates Need for Data Sanitization (PRWeb) OPSWAT has announced the release of its new Outbreak Report, which demonstrates the efficiency of individual Metadefender and Metadefender Cloud packages in detecting malware outbreaks.

Testing of comms management tool shows positive results (C4ISRNET) In independent third-party testing, sponsored by PacStar, researchers found that automated systems management delivers a higher rate of productivity that the previous manual processes.

Technologies, Techniques, and Standards

Banks Must Focus More on Cyber-Risk (Dark Reading) Recent guidelines from the Federal Reserve are aimed at stemming the tide of successful exploits.

GDPR Doesn't Need to be GDP-Argh! (Dark Reading) These 10 steps will ease the pain of compliance with the General Data Protection Regulation, the EU's new privacy law that goes into effect in a little over a year.

7 (Samurai) Cyber Insights from the Former NSA Hacker Advising the White House (GovTechWorks) Rob Joyce, White House Cybersecurity Coordinator, brings to the job years of experience with the National Security Agency and its Tailored Access Operations unit. In an unusual public appearance at USENIX 2016 last August, he described how institutions can best protect their networks from attack.

Get smart about IIoT security risks in manufacturing (SearchManufacturingERP) IIoT security risks must be addressed so that companies can take full advantage of smart manufacturing. Here's what you should know.

Searching for a New DLP System? (Symantec) Insist on these seven core capabilities

Design and Innovation

Swiss system ups security and reliability of finger-based biometrics (TechCrunch) Biometrics may not be the perfect solution for security, but they can be useful — as long as they're robust and well thought out. TouchID is all well and..

Yul Williams on fostering innovation at the NSA (Standard-Examiner) Special to The Washington Post. Yul Williams is the technical director for the National Security Agency/Central Security Service, working with computer scientists, mathematicians and engineers to...

DISA wants industry insights on national background check system (Federal Times) The defense IT agency is looking for a mix of commercial solutions to help handle background investigations.

Research and Development

Identifying Faces in Video Images is Major Challenge, NIST Report Shows (NIST) In movies and television, computers can quickly identify a person in a crowded arena from tiny, grainy video images. But that is often not the reality when it comes to identifying bank robbery perpetrators from security camera video, detecting terrorism suspects in a crowded railway station, or finding desired individuals when searching video archives. To advance video facial identification for these and other applications, the National Institute of Standards and Technology (NIST) conducted a large public test known as the Face in Video Evaluation (FIVE).

Tim Teitelbaum of Grammatech talks DARPA’s Cyber Grand Challenge (Fedscoop) Grammatech’s Chairman, CEO, and Co-Founder Dr. Tim Teitelbaum speaks with host Kevin Greene about DARPA’s Cyber Grand Challenge (CGC), the world’s first all-machine hacking challenge. Grammatech was one of the finalists in CGC and Tim discusses some insights and lessons learned from the challenge. Tim also share his insights on why Grammatech has been very …

Legislation, Policy, and Regulation

Nation states are becoming bolder in cyberspace, says US cyber commander (C4ISRNET) Nation states are employing more coordinated campaigns in cyberspace as opposed to unorganized, haphazard intrusions.

German cyber command becomes official military branch as MPs demand accountability (RT International) The German military has officially inaugurated a 260-strong cyber command which will become a fifth branch of the Bundeswehr. Meanwhile, MPs demand that every attack on enemy computer networks be specifically approved by the parliament.

Tenth Fleet Looks to Deploy New Teams, Faces Challenges from Variety of Adversaries (Seapower) Comparing the standing up of cyber capabilities to the beginnings of developing an aircraft carrier, the U.S. Tenth Fleet chief of staff expressed optimism about the Navy’s ability to dominate the cyber sphere against a wide range of adversaries. Capt. James H. Mills provided a 10th fleet update April 5 at the Navy’s Information Warfare Pavilion on Sea-Air-Space show floor.

Marines look to dominate in information environment (C4ISRNET) The Marine Corps must position itself to compete in futuristic operating environments.

Officials hope Trump cyber order is worth the wait (E&E News) The extended wait for President Trump's cybersecurity executive order may signal a welcomed deeper dive into the challenges, a Department of Homeland Security official said yesterday.

Trump boots Steve Bannon from National Security Council (New York Post) Top presidential strategist Steve Bannon was booted from the National Security Council amid a reshuffling of the key panel, a new report said Wednesday.

Bannon’s Out. But Did H.R. McMaster Win? (New York Times) Trump’s decision to remove his chief strategist still leaves the National Security Council as weak and dysfunctional as ever.

US says laptop ban may expand to more airports (CSO Online) The U.S. might add other airports to its ban restricting passengers from bringing laptops on board certain flights from the Middle East.

Washington state asks: What comes after a cyber attack? (Herald Sun) Federal and the state governments should emphasize planning for recovering after a cyberattack and not just preventing one, the commander of Washington National Guard’s cyber unit has told a Senate committee.

Litigation, Investigation, and Law Enforcement

Lawmakers say intel agencies stonewalling on surveillance probe (Fox News) Lawmakers probing the surveillance of key officials in the Trump campaign and administration say the intelligence agencies now nominally under the president’s control are stonewalling efforts to get to the bottom of who revealed names and leaked protected information to the press.

Elijah Cummings: White House involvement in Russia probe is ‘highly unusual’ (The Washington Times) Rep. Elijah Cummings of Maryland on Tuesday said the level of White House involvement into the congressional probe of potential contacts between Russia and the Trump campaign is “highly unusual.”

6 questions raised by the report Susan Rice 'unmasked' names of Trump advisers (Washington Examiner) The report that Susan Rice was involved in the "unmasking" of Trump officials caught up in surveillance gives new credence to the possibility that Obama administration members were involved in some kind of surveillance of the Trump team.

On Susan Rice, the Issue Is Abuse of Power, Not Criminality (National Review) Susan Rice’s apparent involvement in the intelligence unmasking controversy was not illegal but an abuse of power.

The Obama Administration Allegedly Spied on Pro-Israel Activists. Did They Do the Same to Trump? (Tablet Magazine) One clue: The Russia story is a replay of how the former White House smeared pro-Israel activists in the lead-up to the Iran Deal

Reports in unmasking controversy were detailed, had info about 'everyday lives' (Fox News) The intelligence reports at the center of the Susan Rice unmasking controversy were detailed, and almost resembled a private investigator’s file, according to a Republican congressman familiar with the documents.

DOJ, DHS could do better at sharing terror info (FCW) Although the DOJ and DHS are sharing domestic counterterror information, they need to tweak some access and coordination issues, according to a joint oversight report from the agencies' inspectors general.

Geek Squad under fire for ‘cozy’ and ‘extensive’ links to FBI (Naked Security) Best Buy refutes accusation of overly close links to investigators as questions are raised over admissibility of evidence in a child abuse case

Blizzard Beats "Cheat" Maker, Wins $8.5 Million Copyright Damages (TorrentFreak) Blizzard Entertainment has won a copyright infringement case against the developer of several popular game cheats and hacks. In a default judgment, the court ordered the German company Bossland to pay over $8.5 million in damages. In addition, the cheat maker is prohibited from marketing or selling its products in the United States.

Blizzard just won an $8.6 million lawsuit against Overwatch hackers (Critical Hit) $8.7 million is the first of hopefully many wins against Bossland, a hacking service which serves over 260,000 subscription based users.

Wife of Pulse gunman to be extradited to Florida (KOCO) She will be brought back to Orlando to face charges of obstructing justice and providing support to a terrorist.

Lawyers win again in latest privacy class-action settlement (Ars Technica) iOS address book deal, if split evenly among class members, pays 53 cents each.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

Cyber Security Summit: Atlanta (Atlanta, Georgia, USA, April 6, 2017) If you are a Senior Level Executive responsible for making your company’s decisions in regards to information security, then you are invited to register for the Cyber Security Summit: Atlanta. Receive...

SANS 2017 (Orlando, Florida, USA, April 7 - 14, 2017) Success in information security requires making a commitment to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, join us at SANS 2017 in Orlando,...

Unprecedented Counterintelligence Threats: Protecting People, Information and Assets in the 21st Century. (Arlington, Virginia, USA, April 10, 2017) This full day symposium will provide insights into evolving threats to the nations security and identify effective ways of addressing them. Highlights Include: A keynote address from National Counterintelligence...

Hack In the Box Security Conference (Amsterdam, the Netherlands, April 10 - 14, 2017) Back again at the NH Grand Krasnapolsky, HITB2017AMS takes place from the 10th till 14th of April 2017 and features a new set of 2 and 3-day technical trainings followed by a 2-day conference with a Capture ...

cybergamut Technical Tuesday – 18 April 2017 – Operationalizing Deception for Advanced Breach Detection by Joe Carson of TrapX Security (Elkridge, Maryland, USA, April 18, 2017) Organizations continue to struggle with visibility of lateral movement inside their networks. When prevention technologies fail to stop the initial breach, an independent network based technology is needed...

Cyber Warrior Women: Blazing the Trail (Catonsville, Maryland, USA, April 19, 2017) Join the Cybersecurity Association of Maryland, Inc. (CAMI), in partnership with The CyberWire, Fort Meade Alliance, and presenting sponsor Exelon Corporation, for "Cyber Warrior Women: Blazing the Trail."...

ISSA CISO Executive Forum: Information Security, Privacy and Legal Collaboration (Washington, DC, USA, April 20 - 21, 2017) Information Security, Privacy and Legal programs must be closely aligned to be successful in today’s world. Customer and vendor contracts require strong security language. Privacy has moved to the forefront...

International Conference on Cyber Engagement 2017 (Washington, DC, USA, April 24, 2017) Georgetown University's seventh annual International Conference on Cyber Engagement promotes dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the...

SANS Baltimore Spring 2017 (Baltimore, Maryland, USA, April 24 - 29, 2017) SANS Institute, the global leader in information security training, today announced the course line-up for SANS Baltimore Spring 2017 taking place April 24 – 29. All courses offered at SANS Baltimore are...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Defence Information 2017 (Cranfield, England, UK, April 26 - 27, 2017) Defence Information 2017 is the major annual communications event of Joint Information Group activities (the JIG reports to the Defence Suppliers Forum) and the Event’s content spans both Information and...

Crimestoppers Conference (Eden Project, Bodelva, St Austell , April 27, 2017) Crimestoppers is organising a major one-day conference designed to help local businesses shore up their online security. A range of expert speakers will pinpoint typical cyber pitfalls to avoid. 80% of...

Atlantic Security Conference (Halifax, Nova Scotia, Canada, April 27 - 28, 2017) Atlantic Canada's non-profit, annual information security conference. AtlSecCon, the first security conference in Eastern Canada focusing on bringing some of the worlds brightest and darkest minds together...

SANS Automotive Cybersecurity Summit 2017 (Detroit, Michigan, USA, May 1 - 8, 2017) SANS will hold its inaugural Automotive Cybersecurity Summit to address the specific issues and challenges around securing automotive organizations and their products. Join us for a comprehensive look...

cybergamut Tech Tuesday: Distributed Responder ARP: Using SDN to Re-Engineer ARP from within the Network (Elkridge, Maryland, USA, and online at various local nodes, May 2, 2017) We present the architecture and initial implementation of distributed responder ARP (DR-ARP), a software defined networking (SDN) enabled enhancement of the standard address resolution protocol (ARP) intended...

Cyber Security Summit in Dallas (Dallas, Texas, USA, May 5, 2017) Sr. Level Executives are invited to learn about the latest threats & solutions in Cyber Security from experts from Proofpoint, CenturyLink, IBM and more. Register with promo code cyberwire50 for half off...

OWASP Annual AppSec EU Security Conference (Belfast, UK, May 8 - 12, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

SANS Security West 2017 (San Diego, California, USA, May 9 - 18, 2017) Cybersecurity skills and knowledge are in high demand. Cyber attacks and data breaches are more frequent and sophisticated, and organizations are grappling with how to best defend themselves. As a result,...

OWASP AppSec EU (Belfast, Northern Ireland, UK, May 12 - 18, 2017) Welcome to OWASP Annual AppSec EU Security Conference, the premier application security conference for European developers and security experts. AppSec EU provides thought leadership, amazing talks, informative...

EnergySec Security Education Week (Austin, Texas, USA, May 14 - 19, 2017) The Energy Sector Security Consortium, Inc.'s Security Education Week is designed for early to mid career cybersecurity professionals currently employed at electric utilities in North America. Students...

Global Cybersecurity Innovation Summit Advancing International Collaboration (London, England, UK, May 16 - 17, 2017) SINET – London creates a forum to build and maintain international relationships required to foster vital information sharing, broad awareness and the adoption of innovative Cybersecurity technologies.

Public Sector Cyber Security Conference: Defending the Public from Cyber-Attacks (Salford, England, UK, May 17, 2017) Join us for the Public Sector Cyber Security Conference where leading experts will explain how to protect the vital services provided by central Government, local councils and the NHS. Learn how to safeguard...

PCI Security Standards Council: 2017Asia-Pacific Community Meeting (Bangkok, Thailand, May 17 - 18, 2017) Two days of networking and one-of-a-kind partnership opportunities await you. Whether you want to learn more about updates in the payment card industry or showcase a new product, you’ll find it all at...

2017 Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 17 - 18, 2017) It is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. At our Institute you will receive insights on the best...

Northsec Applied Security Event (Montreal, Québec, Canada, May 18 - 21, 2017) The conference will feature technical and applied workshops hosted in parallel for the most motivated attendees. Topics include application and infrastructure (pentesting, network security, software and/or...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.